After your opinion on something and I guess to also advise people that use Xero of a serious flaw in their system.
If and when you start using Xero, who ever creates the account and becomes the subscriber is then the sole person with permission to the account.
So for instance if you have your PA, Accountant or in our case an old Director create the account, they are the only ones that can control it.
If said PA, Accountant or ex Director become disgruntled with the company, there is no way to transfer the account to another user without that persons permission.
Our company recently had a Director stood down, he had the 'subscriber' status and refused to transfer it and Xero wouldnt do anything; even though
- Our company name was on all the account data
- Our company holds the direct debit for payment of the account
- Our company signed authority for the bank feeds
- The 2 remaining directors have signing authority over the bank accounts
- We contacted Xero and pointed them to the companies website showing we had authority over the data as directors
- The old director was stood down nearly 2 weeks ago
When asked of Xero what do we do, they suggested we export the data and reimport it and start again, there was no simple process around this however.
When asked how you open the account in the company name to ensure this doesnt happen again, we were suggested to use a shared email box rather than a single person.
When I asked what happens in the case of a shared mailbox, someone with access to that mailbox could just change the subscriber to themselves and walk out and hold us ransom, nothing can be done.
I find it hard to believe a company of Xero's size could leave a company so open to abuse.
In the case of all our bank accounts etc, we just contacted the bank and suppliers and stated they need to stand down the director and to view the Companies (Government) website to view the data themselves.
New forms were sent out to us and process was followed.
Does anyone have any suggestions as what to do from here?
Would love to hear from others that may have been a similar case.
Be warned of this huge flaw in their systems!